How to Install nonceEnabler on a Jailbroken iPhone, iPod touch, or iPad to Use With Prometheus

If you’re reading this, chances are you know exactly what Prometheus (AKA futurerestore) is and what it does. It allows you to downgrade to iOS versions that are no longer being signed by Apple, as long as you have valid SHSH2 blobs for that version. Using futurerestore to achieve an unsigned restore, in most cases, requires you to be jailbroken already so that you can force your device to generate the same nonce value as your SHSH2 blob.

So what is a nonce? Every time your device boots in recovery mode it generates a nonce (number used once) value. As the name implies, these numbers are generally only generated once. To achieve an immediate unsigned restore, the nonce generated by the device, and the nonce value in your SHSH2 blob have to be exactly the same. It is possible that it could randomly generate the same nonce as your blob, but this is extremely unlikely. Luckily, if you are already running a jailbroken device, you can force it to generate the same nonce at the blob you have saved. To do this you need to be jailbroken using a jailbreak that has “task_for_pid_0” functionality, so that you can install nonceEnabler to be able to specify which nonce to generate. Once nonceEnabler is installed, you can follow this guide to install iOS 10.2 and jailbreak.

Requirements & Notes:

  • You will need be jailbroken using a jailbreak that has “task_for_pid_0” functionality.
  • Which jailbreaks this should work with:
    – iOS 9.3 to 9.3.3 (make sure to re-jailbreak using jbme.qwertyoruiop.com instead of the Pangu app after rebooting)
    – iOS 9.0 to 9.1 (Pangu Jailbreak)
    – iOS 8.1.3 to 8.4 (Taig Jailbreak)
    – iOS 7.1 to 7.1.2 (Pangu Jailbreak)
    – iOS 7.0 to 7.0.6 (evasi0n Jailbreak)
    – iOS 6.0 to 6.1.2 (evasi0n Jailbreak)
  • If you are jailbroken on iOS 10.0 – 10.2 using the YALU jailbreak, you do NOT need to install nonceEnabler.
  • This requires a Mac or Linux computer (can be run on Windows with a virtual machine).

Download Links:

Written Guide: 

Computer Method (Most Stable):

  1. Download nonceEnabler to your computer from the link above. Extract the nonceEnabler.zip file wherever you want.
  2. Open Cydia on your jailbroken device, tap on the Search tab at the bottom, and search for OpenSSH. Once you find it, open it and install it by tapping the Install button in the top right, followed by the Confirm button.
  3. Make sure your computer is connected to the same router/Wifi network as your iOS device. You need to find the IP address of your iOS device on your network. To do this, open the Settings app on the device, tap on the Wi-Fi settings menu, then tap on the blue information button next to your Wi-Fi network. In here you should see the IP Address section, followed by your devices IP address (e.g. 192.168.0.9).
  4. Open the Terminal application on your Mac or Linux machine. In the command line, type the following command (replacing ‘<IP Address>’ with your devices IP address):

    ssh root@<IP Address>

    It should ask you to enter a password. The default password for SSH on iOS is ‘alpine’ (unless you changed it). If you do not see the letters appear as you type, this is normal and is still typing the password.

  5. Once you have accessed your device via SSH, open a new Terminal window on your computer. You now need to navigate to the folder where you saved nonceEnabler. To do this, type the command cd <folder containing nonceEnabler> (replacing the things in the <>’s with the folder nonceEnabler is in. For example:

    cd /Users/Josh/Desktop/nonceEnabler

    Make sure you use the folder containing the nonceEnabler FILE, not the nonceEnabler folder. A quick way to type the folder location is to simply drag it onto the Terminal app.

  6. Once Terminal is in the correct directory, you need to transfer the nonceEnabler file to your device using the scp command. To do this, type the following command into Terminal (replacing ‘<IP Address>’ with your devices IP address):

    scp nonceEnabler root@<IP Address>:

    This should also ask you for a password. Type the default password again which is ‘alpine’. If this is successful, the nonceEnabler file should now be on your device.

  7. Go back to the original Terminal window you used to SSH into your device. Type the ‘ls’ command to display the files in your current directory. If nonceEnabler is there, type this command:

    ./nonceEnabler

    If everything worked correctly, you should see something like this:

  8. You should now have the nonceEnabler patch installed on your device, and you should be able to set custom generators to use with Prometheus.

Cydia Method (Experimental):

  1. Open Cydia on your jailbroken device and navigate to the Sources tab at the bottom. Tap Edit in the top right, then Add in the top left. A pop-up should appear asking you to enter a Cydia repo URL. In this box, type ‘repo.ipodhacks142.com’. Tap the Add Source button and wait for it to finish adding the source.
  2. You should now have a new sources in cydia called iPodHacks142’s Repo. Open this and navigate to All Packages.
  3. Find and open the package called nonceEnabler Patch. Once open, tap the Install button in the top right, then Confirm to begin installing.
  4. If all goes well, and you have a tfp0 compatible jailbreak, you should now have the nonceEnabler patch installed on your device! If you got any errors in the install log, you probably aren’t using a tfp0 compatible jailbreak.

Please remember that this method is experimental and may not work. If this does not work for you, try the computer method above.

Video Guide: 

Coming soon!

ALSO SEE: How to Restore to iOS 10.2 Unsigned Using Prometheus on iPhone, iPod touch or iPad


9 Comments on How to Install nonceEnabler on a Jailbroken iPhone, iPod touch, or iPad to Use With Prometheus

  1. Hey need some help here, whenever I run ./nonceEnabler, it keeps saying “failed to get the kernel base address” any way to fix this?

  2. I am on 8.1 am I out of Luck ?

    I tried it with 3 different Terminal machines. Always the same error ” failed to get kernel base address

    Any suggestions ?

Leave a Reply

Your email address will not be published.


*